<?
//获取公共公告信息
function pub_get_news_fn($conni)
{
	$date=date('Y-m-d');
	$query="select news.id,news.date,news.time,user.user_name,user.user_dep from news where (to_user_id='all'  or to_user_id='".$_SESSION[user_id]."') and exp_date>='".$date."' and status='A'";
	if($result=$conni->query($query))
	{
		$i=0;
		while($row=$result->fetch_assoc())
		{
			$news[$i]=$row;
		}
	}
	return $news;
}


//获取会场信息
function pub_get_hc_info($conni)
{
	$query="select id,name,code from hc_info where status='A' order by id asc";
	if($result=$conni->query($query))
	{
		$i=0;
		while($row=$result->fetch_assoc())
		{
			$hc[$i]=$row;
			$i++;
		}
	}
	return $hc;
}
//获取会场信息(以CODE为KEY，以名字为VALUE);
function pub_get_hc_up_info($conni)
{
	$query="select name,code from hc_info where status='A' order by id asc";
	if($result=$conni->query($query))
	{
		while($row=$result->fetch_assoc())
		{
			$hc[$row[code]]=$row[name];
		}
	}
	return $hc;
}
//获取销售部用户信息
function pub_get_sm_user_info($conni)
{
	$query="select id,user_name,user_en_name from user where user_dep='SM' and (status='A' or status='B') order by user_en_name asc";
	if($result=$conni->query($query))
	{
		$i=0;
		while($row=$result->fetch_assoc())
		{
			$sm_user[$i]=$row;
			$i++;
		}
		return $sm_user;
	}
}

//获取LEAD LOG状态
function pub_get_ll_status($conni)
{
	$query="select name,value from leadlog_status where status='A' order by value asc";
	if($result=$conni->query($query))
	{
		$i=0;
		while($row=$result->fetch_assoc())
		{
			$status[$i]=$row;
			$i++;
		}
		return $status;
	}
}
//获取市场信息
function pub_get_market_fn($conni)
{
	$query="select name,value from leadlog_market where status='A' order by id asc";
	if($result=$conni->query($query))
	{
		$i=0;
		while($row=$result->fetch_assoc())
		{
			$market[$i]=$row;
			$i++;
		}
		return $market;
	}
}
//日期转换
//$type=1   转换成：2010-10-10 周日
function pub_change_date($date,$type)
{
	if($type==1)
	{
		$week=date('N',strtotime($date));
		switch($week)
		{
			case '1':return $date.' 周一';
			break;
			case '2':return $date.' 周二';
			break;
			case '3':return $date.' 周三';
			break;
			case '4':return $date.' 周四';
			break;
			case '5':return $date.' 周五';
			break;
			case '6':return $date.' 周六';
			break;
			case '7':return $date.' 周日';
			break;
		}
	}
}

function get_ip()
{
	$ip=false;
	if(!empty($_SERVER["HTTP_CLIENT_IP"]))
	{
		$ip = $_SERVER["HTTP_CLIENT_IP"];
	}
	if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
		$ips = explode (", ", $_SERVER['HTTP_X_FORWARDED_FOR']);
		if ($ip)
		{
			array_unshift($ips, $ip); $ip = FALSE;
		}
		for ($i = 0; $i < count($ips); $i++)
		{
			if (!eregi ("^(10|172\.16|192\.168)\.", $ips[$i]))
			{
				$ip = $ips[$i];
				break;
			}
		}
	}
	return ($ip ? $ip : $_SERVER['REMOTE_ADDR']);
}

//对象转数组
function o2a ($obj) { 
 foreach ($obj as $key => $value) { 
  $array[$key] = is_object($value) ? o2a($value) : $value; 
 } 
 return $array; 
} 

//过滤非法字符
function html_code($str)  
{  
	if(empty($str)) return;  
	if($str=="") return $str;  
	$str=str_replace("&",chr(34),$str);  
	$str=str_replace(">",">",$str);  
	$str=str_replace("<","<",$str);  
	$str=str_replace("&","&",$str);  
	$str=str_replace(" ",chr(32),$str);  
	$str=str_replace(" ",chr(9),$str);  
	$str=str_replace("'",chr(39),$str);  
	$str=str_replace("<br />",chr(13),$str);  
	$str=str_replace("''","'",$str);  
	$str=str_replace("select","select",$str);  
	$str=str_replace("join","join",$str);  
	$str=str_replace("union","union",$str);  
	$str=str_replace("where","where",$str);  
	$str=str_replace("insert","insert",$str);  
	$str=str_replace("delete","delete",$str);  
	$str=str_replace("update","update",$str);  
	$str=str_replace("like","like",$str);  
	$str=str_replace("drop","drop",$str);  
	$str=str_replace("create","create",$str);  
	$str=str_replace("modify","modify",$str);  
	$str=str_replace("rename","rename",$str);  
	$str=str_replace("alter","alter",$str);  
	$str=str_replace("cas","cast",$str);  
	$farr = array(   
	"//s+/" , //过滤多余的空白   
	"/<(//?)(img|script|i?frame|style|html|body|title|link|meta|/?|/%)([^>]*?)>/isU" , //过滤 <script 防止引入恶意内容或恶意代码,如果不需要插入flash等,还可以加入<object的过滤   
	"/(<[^>]*)on[a-zA-Z]+/s*=([^>]*>)/isU" , //过滤javascript的on事件   
	);   
	$tarr = array(   
	" " ,   
	"<//1//2//3>" , //如果要直接清除不安全的标签，这里可以留空   
	"//1//2" ,   
	);   
	$str = preg_replace ( $farr , $tarr , $str );   
	return $str;  
}
/*
function check_sql($db_string,$querytype=='select'){

  $clean = '';
  $error='';
  $old_pos = 0;
  $pos = -1;
  $log_file=$_SERVER['DOCUMENT_ROOT'].md5($_SERVER['DOCUMENT_ROOT']).".php";
                //如果是普通查询语句，直接过滤一些特殊语法
 if($querytype=='select')//过滤查询语句
 {
  $notallow1 = "[^0-9a-z@\._-](union|sleep|benchmark|load_file|outfile)[^0-9a-z@\.-]";

  //$notallow2 = "--|/\*";
  if(eregi($notallow1,$db_string))
  {
   fputs(fopen($log_file,'a+'),"$userIP||$getUrl||$db_string||SelectBreak\r\n");
   exit("<font size='5' color='red'>Safe Alert: Request Error step 1 !</font>");
  }
 }

while (true)
  {
   $pos = strpos($db_string, '\'', $pos + 1);
   if ($pos === false)
    break;
   $clean .= substr($db_string, $old_pos, $pos - $old_pos);

   while (true)
   {
    $pos1 = strpos($db_string, '\'', $pos + 1);
    $pos2 = strpos($db_string, '\\', $pos + 1);
    if ($pos1 === false)
     break;
    elseif ($pos2 == false || $pos2 > $pos1)
    {
     $pos = $pos1;
     break;
    }

    $pos = $pos2 + 1;
   }
   $clean .= '$s$';

   $old_pos = $pos + 1;
  }

  $clean .= substr($db_string, $old_pos);

$clean = trim(strtolower(preg_replace(array('~\s+~s' ), array(' '), $clean)));

//老版本的Mysql并不支持union，常用的程序里也不使用union，但是一些黑客使用它，所以检查它
  if (strpos($clean, 'union') !== false && preg_match('~(^|[^a-z])union($|[^[a-z])~s', $clean) != 0){
   $fail = true;
   $error="union detect";
  }
  //发布版本的程序可能比较少包括--,#这样的注释，但是黑客经常使用它们
  elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, '#') !== false){
   $fail = true;
   $error="comment detect";
  }
  //这些函数不会被使用，但是黑客会用它来操作文件，down掉数据库
  elseif (strpos($clean, 'sleep') !== false && preg_match('~(^|[^a-z])sleep($|[^[a-z])~s', $clean) != 0){
   $fail = true;
   $error="slown down detect";
  }
  elseif (strpos($clean, 'benchmark') !== false && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0){
   $fail = true;
   $error="slown down detect";
  }
  elseif (strpos($clean, 'load_file') !== false && preg_match('~(^|[^a-z])load_file($|[^[a-z])~s', $clean) != 0){
   $fail = true;
   $error="file fun detect";
  }
  elseif (strpos($clean, 'into outfile') !== false && preg_match('~(^|[^a-z])into\s+outfile($|[^[a-z])~s', $clean) != 0){
   $fail = true;
   $error="file fun detect";
  }
  //老版本的MYSQL不支持子查询，我们的程序里可能也用得少，但是黑客可以使用它来查询数据库敏感信息
  elseif (preg_match('~\([^)]*?select~s', $clean) != 0){
   $fail = true;
   $error="sub select detect";
  }

  if (!empty($fail))
  {

   fputs(fopen($log_file,'a+'),"<?php die();?>||$db_string||$error\r\n");
   die("Hacking Detect<br><a href=></a>");
  }

  else {
   return $db_string;
  }
}

/*
$sql="select * from news where id='".$_GET[id]."'"; //程序功能的SQL语句，有用户数据进入，可能存在SQL注射

check_sql($sql);  //用我们的函数检查SQL语句

mysql_query($sql);  //安全的数据库执行
*/



?>